The Threat We Forget

26 November 2014 by Jenn Granger

Loss of data, loss of dolla, angry customers, and public shame are a few of the consequences of a security breach. Obviously the bigger the company, the bigger the target – and the bigger the shame splash zone. Because of this, news of Sony’s hack earlier this week caused quite a stir, and what hasn’t helped is that the breach could have been aided internally. Whether this is true or not, it’s the perfect opportunity to make sure that you are protecting your biz inside as well as out!

It’s not Halloween (or April Fool’s), so when Sony’s staff came into work on Monday to find a glowing red skeleton had taken up residence on their computers, with the phrase ‘Hacked by #GOP’ (a group known as Guardians of Peace) and a list of demands, it was already shaping up to be a looong week.

It claimed Sony already knew its demands and that it would release a shed-tonne of info if it didn’t meet them by that evening; however, then everything went kinda quiet and systems seemed to stay down. Sony is apparently advising employees to stay off work systems and email, and that the breach could take anywhere from a day to three weeks to fix.

It looks like a massive amount of info was nicked, and although initial reports say it mostly doesn’t seem to be sensitive, the GOP’s claims say otherwise; and with that amount of data there’s always the potential that it’s mixed in anyway.

And their reasoning? They said that: “We Want equality [sic]. Sony doesn’t. It’s an upward battle”. They’ve also called Sony’s CEO a ‘criminal’ on Twitter. What’s even curiouser (and curiouser) is that it’s thought they were working with Sony employees. An email to the Verge said: “Sony doesn’t lock their doors, physically, so we worked with other staff with similar interests to get in…Im sorry I can’t say more, safety for our team is important [sic].”

Whether it’s true or not, what it does show is that it’s important not to forget about internal security, which needs to be monitored just as closely as external portals. There are things you can do to help protect yourself, like active security monitoring of internal traffic for anomalies or unusual activity, especially things like large amounts of data moving about where it shouldn’t be. Implementing least privilege profiles so that employees only have access to absolutely necessary data, and even restricting USB port access so that if they were to try and get their hands on mega amounts of data they would have a harder time taking it away.

Find out more about out security solutions on our website, or if you have any queries about your security give us a call on 0800 045 4945.